Facebook Flaw Revealed Users' Private Photos, Including Mark Zuckerberg's Collection

The Huffington Post   First Posted: 12/07/11 06:02 AM ET Updated: 12/07/11 07:07 AM ET

A security flaw on Facebook temporarily allowed users to access other members' private photos -- including images posted in Mark Zuckerberg's friends-only collection. Several of the Facebook chief executive and founder's pictures were then uploaded to public sites on the Web.

According to ZDNet, Facebook users could access someone's private photos by using the site's image reporting tool. All someone had to do was:

  • click on the report/block option
  • select "inappropriate profile photo"
  • choose the "nudity or pornography" option
  • check "report to Facebook"
  • click on the item marked "Help us take action by selecting additional photos to include with your report"

At that point, portions of the user's private photo collection were revealed.

A member of a forum on BodyBuilding.com discovered the bug and posted a message about it, complete with step-by-step instructions and screen grabs.

After being notified of the problem, Facebook issued a statement that said it had disabled the reporting feature.

"The bug allowed anyone to view a limited number of another user's most recently uploaded photos irrespective of the privacy settings for these photos," Facebook said in a statement. "This was the result of one of our recent code pushes and was live for a limited period of time. Upon discovering the bug, we immediately disabled the system, and will only return functionality once we can confirm the bug has been fixed."
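The statement describes a feature path that returned photos without regard to their privacy settings. As an added example (not Facebook's code and not from the article), the Python sketch below models that class of bug with a hypothetical report-flow photo picker, beside a version that applies the same visibility check as normal viewing. All names and data are constructed.

```python
# Added illustration: a constructed model, not Facebook's code.
from dataclasses import dataclass, field

@dataclass
class Photo:
    photo_id: int
    owner: str
    audience: str  # "public" or "friends"

@dataclass
class Store:
    photos: list
    friends: dict = field(default_factory=dict)  # owner -> set of friends

    def can_view(self, viewer, photo):
        """The privacy check that normal photo viewing applies."""
        if viewer == photo.owner or photo.audience == "public":
            return True
        return viewer in self.friends.get(photo.owner, set())

    def recent(self, owner, limit):
        """Most recently uploaded photos of one owner, newest first."""
        mine = [p for p in self.photos if p.owner == owner]
        return sorted(mine, key=lambda p: p.photo_id, reverse=True)[:limit]

def report_picker_vulnerable(store, viewer, reported_user, limit=3):
    # Secondary feature path: loads the reported user's recent uploads
    # directly and never consults the viewer's permissions.
    return store.recent(reported_user, limit)

def report_picker_fixed(store, viewer, reported_user, limit=3):
    # Same picker, but every candidate goes through the same policy
    # function as normal viewing before it is returned.
    candidates = store.recent(reported_user, len(store.photos))
    return [p for p in candidates if store.can_view(viewer, p)][:limit]

# Constructed sample data: alice has two friends-only photos; bob is a friend.
STORE = Store(
    photos=[Photo(1, "alice", "public"), Photo(2, "alice", "friends"),
            Photo(3, "alice", "friends"), Photo(4, "alice", "public")],
    friends={"alice": {"bob"}},
)

def leaked_ids(picker, viewer):
    """Regression check: IDs the picker returns that the viewer may not see."""
    return [p.photo_id for p in picker(STORE, viewer, "alice")
            if not STORE.can_view(viewer, p)]

if __name__ == "__main__":
    print("vulnerable:", leaked_ids(report_picker_vulnerable, "mallory"))
    print("fixed:", leaked_ids(report_picker_fixed, "mallory"))
```

A check like `leaked_ids` can run as a regression test against every feature that surfaces user content, so a new code path cannot ship without the shared visibility check.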

The world's largest social network did not disclose how long the bug had been live or how many users were affected, CNN reported.

In his most recent post on The Facebook Blog, Zuckerberg discussed the company's commitment to privacy and security.

I founded Facebook on the idea that people want to share and connect with people in their lives, but to do this everyone needs complete control over who they share with at all times.

This idea has been the core of Facebook since day one. When I built the first version of Facebook, almost nobody I knew wanted a public page on the internet. That seemed scary. But as long as they could make their page private, they felt safe sharing with their friends online. Control was key. With Facebook, for the first time, people had the tools they needed to do this. That's how Facebook became the world's biggest community online. We made it easy for people to feel comfortable sharing things about their real lives.

We've added many new tools since then: sharing photos, creating groups, commenting on and liking your friends' posts and recently even listening to music or watching videos together. With each new tool, we've added new privacy controls to ensure that you continue to have complete control over who sees everything you share. Because of these tools and controls, most people share many more things today than they did a few years ago.

Overall, I think we have a good history of providing transparency and control over who can see your information.

Facebook has also urged users to privately report vulnerabilities in the site's code/design. Those who do so can receive a $500 bounty and a public thank you from the company.